v6.17.0

@csordasmarton csordasmarton released this 10 Sep 14:07
· 1258 commits to master since this release
d0e2d7b

New features

Git blame integration (#3398, #3423, #3425, #3430)

With this feature, a developer can check who last modified the source line where a CodeChecker error appears.

  • If the analyzed project is a git repository, the CodeChecker store command will store blame information for every source file that is not stored yet.
  • The GUI will have a button on the report detail view to show blame information alongside the source file.
  • When hovering the mouse over a blame line, commit details are shown in a pop-up window. Clicking on the hash jumps to the remote URL of the repository and shows the commit related to that blame line.

Cleanup plans (#3419)

Cleanup plans can be used to track the progress of reports in your product. The concept is similar to GitHub Milestones.

You can do the following:

  • Manage cleanup plans: you can create cleanup plans by clicking on the pencil icon at the Cleanup plan filter on the Reports page. A pop-up window will open where you can add, edit, close or remove existing cleanup plans.
  • Add reports to a cleanup plan: you can add multiple reports to a cleanup plan on the Reports page or on the Report detail page by clicking on the Set cleanup plan button and selecting a cleanup plan.
    Note: you can remove reports from a cleanup plan the same way by clicking on the cleanup plan name.
  • Filter reports by cleanup plans: you can filter reports by a cleanup plan by using the Cleanup plan filter on the Reports page. Using this filter with other filters (Detection status, Review status etc.) you will be able to filter active / resolved reports in your cleanup plan.

Local diff workflow support (#3388)

If you want to use CodeChecker in your project but don't want to run a CodeChecker server or fix every report that CodeChecker finds on the first run (legacy findings), you can do the following with this feature:

  1. Analyze your project to a report directory as usual (e.g.: ./reports).
  2. Create a baseline file from the reports, which contains the legacy findings: CodeChecker parse ./reports -e baseline -o reports.baseline. Note: it is recommended to store this baseline file (reports.baseline) in your repository.
  3. On source code changes, after your project is re-analyzed, use the CodeChecker diff command to get the new reports:
    CodeChecker cmd diff -b ./reports.baseline -n ./reports --new
  4. On configuration changes (new checkers / options are enabled / disabled, a new CodeChecker / clang version is used, etc.) re-generate the baseline file (steps 1-2).

LeakSanitizer Parser (#3368, #3375)

The report-converter tool is extended with support for LeakSanitizer, which is a run-time memory leak detector for C programs.

# Compile your program.
clang -fsanitize=address -g lsan.c

# Run your program and redirect the output to a file.
ASAN_OPTIONS=detect_leaks=1 ./a.out > lsan.output 2>&1

# Generate plist files from the output.
report-converter -t lsan -o ./lsan_results lsan.output

# Store reports.
CodeChecker store ./lsan_results -n lsan

For more information see.
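
The commands above compile a file named lsan.c that these release notes do not show. The following is a constructed sample (an added example, not part of the CodeChecker project; the struct and function names are hypothetical): its main() frees one list as a control case and drops the only pointer to a second list, so LeakSanitizer has a direct leak and indirect leaks to report.

```c
/* lsan.c: constructed sample program, not part of the CodeChecker sources. */
#include <stdio.h>
#include <stdlib.h>

struct node {
    int id;
    struct node *next;
};

/* Build a list of up to `count` nodes by prepending; returns the head. */
struct node *build_list(int count)
{
    struct node *head = NULL;
    for (int i = 0; i < count; i++) {
        struct node *n = malloc(sizeof *n);
        if (n == NULL)
            break;
        n->id = i;
        n->next = head;
        head = n;
    }
    return head;
}

/* Correct teardown: frees every node and returns how many were freed. */
int free_list(struct node *head)
{
    int freed = 0;
    while (head != NULL) {
        struct node *next = head->next;
        free(head);
        head = next;
        freed++;
    }
    return freed;
}

int main(void)
{
    /* Control case: the list is freed, so there is nothing to report. */
    printf("freed %d nodes\n", free_list(build_list(3)));

    /* Leak case: the returned head is discarded. The head node is a direct
     * leak; the nodes reachable only through it are indirect leaks. */
    (void)build_list(3);
    return 0;
}
```
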

Checker label (#3233, #3413, #3414, #3415, #3432)

Previously, the properties of checkers (severity, profile, guideline) were read from several JSON files. The goal was to handle all of these, and future checker properties, in a common manner. The new solution uses labels which can be added to checkers.

The collection of labels is found in the config/labels directory. These labels let you enable or disable checkers by label.

# List checkers in "sensitive" profile.
CodeChecker checkers --label profile:sensitive

# List checkers in "HIGH" severity.
CodeChecker checkers --label severity:HIGH

# List checkers covering str34-c SEI-CERT rule.
CodeChecker checkers --label sei-cert:str-34-c

# List checkers covering all SEI-CERT rules.
CodeChecker checkers --label guideline:sei-cert

# List available profiles, guidelines and severities.
CodeChecker checkers --profile
CodeChecker checkers --guideline
CodeChecker checkers --severity

# List labels and their available values.
CodeChecker checkers --label
CodeChecker checkers --label severity

# Enable HIGH checkers during analysis.
CodeChecker analyze \
  ./compile_commands.json \
  -o ./reports \
  -e severity:HIGH

Note: with this new feature we also added severity levels for pylint (#3414) and cppcheck (#3415) analyzers.

Analyze improvements / fixes

  • Allow to override checker list (#3203).
  • Handle clang binary without installed dir (#3186).
  • Don't hardcode GCC in build-logger Makefile (#3352).
  • Improve debug log messages (#3361).
  • Remove the MallocOverflow checker from the sensitive profile (#3392).
  • Add the MallocOverflow checker to the extreme profile (#3400).
  • Create new diagnostic message hash (#3402).
  • Build log transformer: also ignore -fno-reorder-functions (#3411).
  • Don't run ClangSA checkers from clang-tidy (#3417).

CLI (parse, diff, etc.) improvements / fixes

  • Parse command exits with error in case of duplicated suppress comment (#3253).
  • Make parse subcommand to work with --skip option correctly (#3328).
  • Log options from the configuration file (#3341).
  • Do not print sensitive information when exception happens (#3355).
  • Add severity to CodeClimate export (#3356).
  • Improve log messages for gerrit output (#3374).
  • Fix gerrit output (#3378).
  • Fix check command config file support (#3385).

Server improvements / fixes

  • Use processes instead of threads (#3349).
  • Product View Permission (#3332).
  • Add index for report and run history id columns (#3351).
  • Unzip storage zip file to workspace directory (#3347).
  • Log run id when storing a run (#3358).
  • Comment date collision (#3360).
  • Fix exporting checker statistics to CSV (#3362).
  • Rephrase "report not found" error message (#3376).
  • Create columns for product details (#3382).
  • Fix setting analysis_info_id_seq (#3383).
  • Add 'thrift==0.13.0' dependency explicitly (#3389, #3394).
  • Show edit option only for admins (#3426).

Other improvements / fixes

  • Add local package to git automatically and refactor the doc (#3319).
  • Fix pypi package github action (#3344).
  • Include package data files in python package (#3357).
  • Remove doxygen requirement (#3346).
  • Update checker_and_analyzer_configuration.md (#3350).
  • Web docker image hooks (#3359).
  • Add wait-for script to the docker image (#3364).
  • Change permission of helper script in docker image (#3365).
  • Usage of skip list handler is not optional anymore (#3366).
  • Fix broken alembic urls (#3390).
  • Documentation for Pypi package (#3391).
  • Add the severity for "readability-identifier-length" (#3403).
  • Override argparse error code (#3408).
  • Extend documentation with multi storage feature (#3420).
  • Test workspace is not necessarily under HOME (#3421).
  • Add the license file to the pypi package (#3422).
  • Add new features for 6.16.0 and 6.17.0 releases (#3427).